Posts: 1 to 25 of 45

Topic: Fix SSL on Chumby One

I think I found a fix for the SSL issue, which is preventing some widgets to work.

Basically I've recompiled libcurl using the same version installed on the chumby but linked it to an upgraded OpenSSL library (1.0.0s). Everything else (gnutls, hair raising c-ares, zlib etc.) stays the same.Since the OpenSSL library is statically linked to libcurl, the impact on the rest of the system should be minimal.

This makes the update relatively simple. It's made of three files: libcurl, curl (an executable) and an updated CA store. These files should just be copied on the Chumby file system.

The installation does require some basic Unix knowledge and Chumby hacking and does modify the internal OS: beware as mistakes can prevent the device from booting.And no, there is no installer yet but if the update proves to be useful I will add one.

Re: Fix SSL on Chumby One

I have released Version 3 of the SSL fix for the Chumby One.

This update addresses the performance issues of the previous versions: it drops support of OpenSSL and uses mbedTLS instead.Improvements are quite satisfying and until now I haven't had any compatibility issues.

Probably this is going to be the last release and only bug fixes or minor tweaks will follow.

Unpack the archive and save all files and directories in a USB key, insert the key in the Chumby, turn on the Chumby and wait until the widgets are displayed.If you can find the picture of a nice Swiss mountain in the key src directory, the test was successful.(technical stuff is in the install.log)

Re: Fix SSL on Chumby One

Has anyone tried this fix?I am aware that it would probably not impact local weather since the app has been modified, but was hoping it might allow loading jpgs etc., via URLimage from sites using SSL.

Re: Fix SSL on Chumby One

Hello. Sorry for the late feedback but I rarely come back to the chumby site.

Unfortunately I don't a Chumby 8 and neither do know anybody who does. Therefore testing and adapting the fix requires some creative thinking.

There are several reasons why the test may fail and some of them might be benign. Therefore it might be helpful to post the install.log file (from the usb key) since it may hint at what actually went wrong.

Re: Fix SSL on Chumby One

Hello. Thank you for your reply. I can verify that this works nicely on the Chumby One and the Infocast 3.5" units.There is a widget called WGraph that doesn't work on the CHumby One or the Infocast 3.5 unless this SSL fix is installed.WGraph does already run on the soft (original) chumby because the firmware 1.7.3 seems to have corrected the SSL issue on that unit.When I ran the test-SSLfix on the Chumby 8, there was no install.log file on the usb stick... so perhaps the debugchumby program was not run during boot? Should it be renamed to something else on the 8? Thanks again for making this fix available.

Re: Fix SSL on Chumby One

The USB stick light came on and flashed on/off during the boot process.I tried both USB slots 1 and 2.I've even named the stick itself "debugchumby" to see if that made a difference.The firmware upgrade for a C8 requires a file named update.zip. Do you think we need to zip this accordingly for it to work?

Another thought...if you are interested, I would be willing to loan you my Red C8 (I'll ship it to you if you will promise to ship it back).Then we can figure out how to do good for a large segment of the Chumby community (everyone with C8's or Insignia 8's which have been upgraded to the Chumby firmware would benefit from this fix).

Re: Fix SSL on Chumby One

Francesco,I decided to try some different memory sticks and formats.I had an old one that was FAT16 and tried the contents of SSL-Fix-V3uni.zip on the Chumby 8 running:control panel 5.0.38b2Software Ver: 1.8.2Firmware Ver: 1.8.3883

The Items I found in "install.log" afterwards are shown below.Was this a successful installation? Is there anything else for me to do?

I did check and now the Chumby 8 displays the widget called WGraph. Am going to do a little more experimenting.

Re: Fix SSL on Chumby One

Hello chankla.The first log (Chumby 8) shows that the installation was already done and it was a valid and working one.

I admit the last line:

Unable to perform install/recover command

is a bit confusing. What it means in this context is that the installation was not repeated because it was already done before.

This is what I think happened. The first time you tried to install the fix, the usb key was mounted as readonly by the OS: the installation went smoothly but had no way to report it. Therefore the missing install.log .

My usb keys are fat32 and do work fine in the Chumby One: so maybe it's the Chumby 8 that handles them differently? Or maybe your keys were NTFS?

By the way this Saturday I've been working on a version of the test-fix that does not rely on the USB key being writable to report the compatibility of the system. It's almost ready.

Regarding the Insignia 8.

That is a bit more tricky. Lack of the "Original installation" message means that it did not recognize the default library files. My gut feeling is that there is a subtle difference in this firmware: I will send you a link to a modified version of debugchumby which will put in the log the list of the installed libcurl libraries.

Update:Here's a version of test-sslfix that adds to install.log a list of the relevant files

Re: Fix SSL on Chumby One

That's exciting news about the new test-fix program.I'll be glad to test it out for you on all the different chubby models I have.

Regarding TestFix 101, I ran it on both the Insignia 8 (I've mentioned before) and on the Chumby-ized Sony Dash.

Let me know what you think about the results:My litmus test widget (WGraph) is not working on the Insignia 8 or the Sony. Which points to it not being installed - so perhaps you will find the contents of the install log interesting... Here are the logs:

Checking installationNot recoverable installationOriginal installationTest failed: unable to load secured contentUnfortunately update will not work and should not be installed/usr/local/dcchd/directfb/lib:/usr/local/mrua/MRUA_src/../lib:/usr/local/dcchd/dcchd/core:/usr/local/dcchd/dcchd/brd:/usr/local/dcchd/dcchd/dvdvr:/usr/local/dcchd/dcchd/mono:/usr/local/dcchd/dcchd/curacao:/usr/local/dcchd/dcchd/curacao/lib:/usr/local/dcchd/dcchd/dtv/tuner:/usr/local/dcchd/dcchd/dtv/capture:/usr/local/dcchd/dcchd/dtv/network:/usr/local/dcchd/dcchd/dtv:/usr/local/dcchd/dcchd/dtv/hal:/usr/local/dcchd/dcchd/dtv/capture:/usr/local/dcchd/dcchd/dcchd:/usr/local/dcchd/dcchd/dtv/acap:/usr/local/mrua/MRUA_src/lib:/lib:/usr/lib:/usr/local/mrua/lib:/usr/local/dcchd/directfb/lib:/usr/local/dcchd/dcchd/dcchd:/usr/local/dcchd/dcchd/core:/usr/local/dcchd/dcchd/mono:/usr/local/dcchd/dcchd/dtv:/usr/local/dcchd/dcchd/dtv/capture:/usr/local/dcchd/dcchd/dtv/networkEnd of test

Then finally, as a benchmark, I repeated on a Chumby 8 and received this log:

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Francesco, based on these results, what would you like me to try next?I think I'll try the ssl-fix_wi-150 on the Insignia 8...

Re: Fix SSL on Chumby One

francesco wrote:

Hello I'm back.Finally, I think both the Insignia and the Dash are compatible....

The dash uses a MIPS processor, so ARM binaries won't work on it. In any case, the dash already supports SSL, however it has a redirect bug in the Flash Player with can't be resolved with a library update - redirects from http to https stay on port 80 instead of switching to 443.